This is a school environment having a PA500 box using the latest v7 PanOS. We use the UserAgent on our 2012R2 domain controllers to manage internet access for our students. Many of them have private computers which are not member of our domain, hence they are not always aware that their domain account is in the 'password expired' state.
The problem is that the UserAgent handles the 'password expired' domain account status as 'invalid password'. This causes great trouble for students having a test or exam where they are denied access to the sites they need to deliver their work.
Can the UserAgent be configured to accept 'password expired' domain accounts and accept these users with their current (albeit expired) password?
As long as they use their current password and their account is not locked I see no reason that the UserAgent should pick on their access permissions...
Thanks for comments on this
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!